From 92d052faf017d373d0194d66ed7cf896b48f9c5a Mon Sep 17 00:00:00 2001 From: tigerbot Date: Fri, 11 Aug 2017 16:38:22 -0600 Subject: [PATCH] made req.oauth3 immutable after its creation --- lib/oauth3.js | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/oauth3.js b/lib/oauth3.js index fc3bc6f..28ee6a9 100644 --- a/lib/oauth3.js +++ b/lib/oauth3.js @@ -165,6 +165,15 @@ function verifyToken(token) { }); } +function deepFreeze(obj) { + Object.keys(obj).forEach(function (key) { + if (obj[key] && typeof obj[key] === 'object') { + deepFreeze(obj[key]); + } + }); + Object.freeze(obj); +} + function attachOauth3(req, res, next) { req.oauth3 = {}; @@ -210,6 +219,8 @@ function attachOauth3(req, res, next) { return PromiseA.resolve(sub || ppid); }; }).then(function () { + deepFreeze(req.oauth3); + Object.defineProperty(req, 'oauth3', {configurable: false, writable: false}); next(); }, function (err) { res.send(err);